DETAILED ACTION

1. Claims 1-30 were examined.

Information Disclosure Statement 

2. The information disclosure statement submitted on January 3, 2001 was filed 
after the mailing date of the January 8, 2001 on January 12, 2001 . The submission is 
in compliance with the provisions of 37 CFR 1.97. Accordingly, the petition is granted
and the information disclosure statement is being considered by the examiner. 

Specification 

3. The specification has not been checked to the extent necessary to determine 
the presence of all possible minor errors. Applicant's cooperation is requested in 
correcting any errors of which applicant may become aware in the specification. 

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented
and the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

5. Claims 1-9 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Dondeti et al (US 6,240,188 B1) in view of OToole, jr. et al (US 6,279,112 B1).

6. Dondeti discloses a method for securely establishing communication in a 
multicast group of nodes of a network, in which the network includes publisher nodes, 
subscriber nodes, a multi-master directory that stores information about events in the 
network and that can authenticate the subscriber nodes and the publisher nodes, 
whereby each of the subscriber nodes and the publisher nodes receives a unique 
private key and that can determine events that the subscribers and the publishers may
process, the method comprising the steps of registering the subscribers and the 
publishers with an event server configured to determine whether the publishers are 
authorized to produce certain events corresponding to the event types and whether the 
subscribers are authorized to receive the certain events in response to the step of 
accessing; generating, with the event server, a group session key for establishing one 
of the multicast groups, the group session key being encrypted in a message that has 
a prescribed format (Col. 3 on 19-35); further comprising the steps of receiving a 
message from the subscribers in response to the subscribers determining whether the 
received message corresponds to a correct key version; updating the group session 
key; and selectively reregistering the subscribers at the event server (Col. 3 on 19-35); 
wherein the prescribed format of the message conforms with lightweight directory 
access protocol (LDAP) (Col. 3 on 19-35); wherein the prescribed format of the 
message comprises a protocol version number field, a message type field, and a 
message length field (Col. 3 on 19-35); wherein the step of authenticating comprises 
controlling access by the directory in conjunction with utilizing an external 
authentication service that allows extending membership of the multicast groups to 
subscribers with no corresponding objects in the directory (Col. 3 on 19-35); wherein 
the external authentication service is supplied by a Kerberos server (Col. 3 on 19-35); 
wherein the event server manages the private keys of the subscribers and the 
publishers (Col. 3 on 19-35); wherein the step of updating comprises creating a new 
group session key modifying the objects based upon the new group session key by 
using a change password protocol; sending a new message that contains the new 
group session key to the subscribers; and notifying the subscribers to reregister (Col. 3
on 19-35). 

7. Dondeti does not, however, disclose a method as recited in Claim 1, above,
wherein the step of registering comprises performing access control check of the 
subscribers by the event server (OToole, col. 11, ln 9 - 34). OToole, however, does,
as noted above. It would be obvious to one of ordinary skill in the art to combine the 
teachings of Dondeti and OToole to obtain greater security in the distribution of data 
over a network. 

8. Claims 10 - 18 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Dondeti et al (US 6,240,188 B1) in view of OToole, jr. et al (US 6,279,112 B1).

9. Dondeti discloses a communication system for creating a plurality of secure 
multicast groups in a network that includes a plurality of principals configured for 
functioning as a subscriber and a publisher, each of the principals having a private key, 
a multi-master directory comprising a directory server for communicating with one or 
more of the principals to authenticate each of the principals and to provide access 
control, the multi-master directory controlling access on a per object and per attribute 
basis, the communication system comprising an event server coupled to the plurality of 
principals for registering the plurality of principals and for determining whether the 
principals are authorized to produce certain events when the principals are functioning 
as publishers and whether the principals are authorized to receive the certain events 
when the principals are functioning as subscribers, and means in the event server for 
creating a group session key for establishing one of the multicast groups, by 
distributing the group session key in an encrypted message to the subscribers, the 
encrypted message encapsulating the group session key according to a prescribed
format; means in the event server for updating the group session key by utilizing a 
change password protocol to modify an object in the directory; means in the event 
server for notifying the subscribers to reregister in response to the updating of the 
group session key (Col. 3 on 19-35); wherein the directory server is collocated with the 
event server, the directory server and the event server participating in a common one 
of the multicast groups (Col. 3 on 19-35); wherein the prescribed format of the 
message conforms with lightweight directory access protocol (LDAP) (Col. 3 on 19-35); 
wherein the directory authenticates by controlling access in conjunction with utilizing an 
external authentication service that allows extending membership of the multicast 
groups to subscribers with no corresponding objects in the directory (Col. 3 on 19-35); 
wherein the external authentication service is supplied by a Kerberos server (Col. 3 on 
19-35); wherein the prescribed format of the message comprises a protocol version 
number field, a message type field, and a message length field (Col. 3 on 19-35); 
wherein the event server manages the private keys (Col. 3 on 19-35); wherein the 
event server updates the group session key by performing the steps of creating a new 
group session key; modifying the objects based upon the new group session key by 
using a change password protocol; sending a new message that contains the new 
group session key to the subscribers; and notifying the subscribers to reregister (Col. 3 
on 19-35). 

10. Dondeti does not, however, disclose a system as recited in Claim 10, above, 
wherein the event server performs access control check of the subscribers during 
registration of the subscribers (OToole, col. 11, ln 9 - 34). OToole, however, does, as
noted above. It would be obvious to one of ordinary skill in the art to combine the
teachings of Dondeti and OToole to obtain greater security in the distribution of data 
over a network. 

11. Claims 19-25 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Dondeti et al (US 6,240,188 B1) in view of OToole, jr. et al (US 6,279,112 B1).

12. Dondeti discloses a computer system for establishing multiple secure multicast 
groups, the computer system comprising a communication interface for communicating 
with a plurality of nodes and for interfacing a multi-master directory to authenticate the 
computer system and the plurality of nodes, the multi-master directory having access 
controls on a per object and per attribute basis, wherein the nodes access the directory 
to determine events that the nodes may process, a bus coupled to the communication 
interface for transferring data; one or more processors coupled to the bus for 
selectively generating a group session key and private keys corresponding to the 
plurality of nodes, the group session key being updated by utilizing a change password 
protocol to modify an object corresponding to the events in the directory; and a 
memory coupled to the one or more processors via the bus, the memory including one 
or more sequences of instructions which when executed by the one or more 
processors cause the one or more processors to perform the steps of registering the 
plurality of nodes, determining whether the nodes are authorized to produce and 
authorized to receive certain events corresponding to objects of the directory, 
distributing the group session key to the nodes via a message, the message 
encapsulating the group session key according to a prescribed format, and selectively 
reregistering the nodes in response to updating the group session key (Col. 3 on 19- 
35); wherein the directory server is collocated with the event server, the directory
server and the event server participating in a common one of the multicast groups (Col. 
3 on 19-35); wherein the prescribed format of the message conforms with lightweight
directory access protocol (LDAP) (Col. 3 on 19-35); wherein the directory authenticates 
by using authentication services of the directory in conjunction with a Kerberos service 
that allows extending membership to the multicast groups to nodes with no objects in 
the directory (Col. 3 on 19-35); wherein the event server manages private keys of the 
plurality of nodes (Col. 3 on 19-35); wherein the event server updates the group 
session key by performing the steps of creating a new group session key; modifying 
the objects based upon the new group session key by using a change password 
protocol; sending a new message that contains the new group session key to the 
subscribers; and notifying the subscribers to reregister (Col. 3 on 19-35). 

13. Dondeti does not, however, disclose a system as recited in Claim 19, above, 
wherein the computer system performs access control check of the nodes during 
registration (OToole, col. 11, ln 9 - 34). OToole, however, does, as noted above. It
would be obvious to one of ordinary skill in the art to combine the teachings of Dondeti 
and OToole to obtain greater security in the distribution of data over a network. 

14. Claims 26-30 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Dondeti et al (US 6,240,188 B1) in view of OToole, jr. et al (US 6,279,112 B1).

15. Dondeti discloses a computer-readable medium carrying one or more 
sequences of instructions for securely establishing communication in a multicast group 
of nodes of a network, in which the network includes publisher nodes, subscriber 
nodes, a multi-master directory that stores information about events in the network and 
that can authenticate the subscriber nodes and the publisher nodes, whereby each of
the subscriber nodes and the publisher nodes receives a unique private key and that 
can determine events that the subscribers and the publishers may process, wherein 
execution of the one or more sequences of instructions by one or more processors 
causes the one or more processors to perform the steps of registering the subscribers 
and the publishers with an event server, the event server determining whether the 
publishers are authorized to produce certain events corresponding to the event types 
and whether the subscribers are authorized to receive the certain events in response 
to the step of accessing; generating a group session key for establishing one of the 
multicast groups, the group session key being encrypted in a message that has a 
prescribed format (Col. 3 on 19-35); further comprising the steps of receiving a 
message from the subscribers in response to the subscribers determining whether the 
received message corresponds to a correct key version; updating the group session 
key; and selectively reregistering the subscribers at the event server (Col. 3 on 19-35); 
wherein the step of (Col. 3 on 19-35); authenticating comprises controlling access by 
the directory in conjunction with (Col. 3 on 19-35); utilizing an external authentication 
service that allows extending membership of the multicast groups to subscribers with 
no corresponding objects in the directory (Col. 3 on 19-35); wherein the step of 
updating comprises creating a new group session key; modifying the objects based 
upon the new group session key by using a change password protocol; sending a new 
message that contains the new group session key to the subscribers; and notifying the 
subscribers to reregister (Col. 3 on 19-35). 

16. Dondeti does not, however, disclose a medium as recited under claim 26,
above, wherein the step of registering comprises performing access control check of
the subscribers by the event server (OToole, col. 11, ln 9 - 34). OToole, however,
does, as noted above. It would be obvious to one of ordinary skill in the art to combine 
the teachings of Dondeti and OToole to obtain greater security in the distribution of 
data over a network. 

Conclusion 

17. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

18. Kocher et al (US 6,289,455 B1) discloses a method and apparatus for preventing
piracy of digital content. 

19. Aronberg et al (US 6,117,188 A) discloses a system and method using token
processing to control software distribution and desktop management in a computer 
network environment. 

20. Any inquiry concerning this communication from the Examiner should be 
directed to C. Owen Sherr, whose telephone number is (703) 305-0625. The Examiner 
can normally be reached on Mondays through Fridays from 8:30 AM - 5:00 PM. 

21. If attempts to reach the Examiner by telephone are unsuccessful, the
Examiner's supervisor, James Trammell, can be reached at (703) 305-9768. The FAX 
phone number for this group is (703) 305-7687. 

22. Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the group receptionist, whose telephone number is 
(703) 305-3900. 